Category: Myths and misconceptions

Not so long ago, I was remotely managing an investigation into corruption allegations in a country pretty far down TI’s Corruption Perceptions Index.* The allegations had come from a whistleblower, and were serious and complex.

The lead investigator had just returned, fresh off the plane and into our update meeting with the rest of the team. We sat down in a comfortable meeting room, thousands of miles away from the dusty, hectic and often frightening city in which the allegations had arisen. The city was one of those places that was sort-of a conflict zone, sort-of a disaster zone, sort-of a global city and sort-of none of these things. Development specialists and humanitarians worked shoulder-to-shoulder, and projects evolved quickly in response to an endlessly changing local environment.

“Yeah, so, I interviewed the snitch,” she began, with a cheeky smirk.

I stopped the meeting.

“The what?” I said.

‘Snitch’, ‘grass’, ‘squealer’ – this was not the first time that I’d heard investigators themselves using pejorative euphemisms for whistleblowers, informants and sources. It is bizarre; often, without such sources, there would be no investigation. So where does this attitude come from?

There is another dimension of anti-corruption work that’s similarly full of euphemisms, and might offer an answer – and that’s the act of bribery itself. As Richard Bistrong memorably said, “the language of bribery has many words – except ‘bribery’.”

A ‘drink’, ‘gravy’, ‘tea-money’, ‘consultation fees’ – such language is often an exercise in re-framing, a way to alleviate discomfort with bribery by using words that carry different (and lighter) connotations. So, is the truth that some investigators are uncomfortable with whistleblowers – that there is a deep aversion, perhaps culturally-rooted, to people who ‘tell on others’?

Fortunately, I don’t think many investigators fit into this category, but there are enough that we need to talk about the tension here. Firstly, the truth is that whistleblowers and their reports are the lifeblood not just of an investigation, but of an entire fraud and corruption control framework. Without these reports, we would not necessarily be able to:

Gain prior warning of materialising fraud and corruption risks;

Conduct trend analysis of risk areas (especially where reports did not contain sufficient data for full action);

Secondly, whistleblowers face enough challenges already. From stakeholders obsessed with identifying them, to those who try to use the whistleblower’s motivations as a shortcut for judging their credibility (and no – just because a whistleblower is motivated by reward or revenge, it does not mean that their allegations are untrue). Investigators play a critical role in mitigating these risks to them.

Thirdly, and this might come as a surprise to some investigators – whistleblowers don’t just talk to you. So if you fail in your management of them, chances are people will find out – and that impacts upon the chances of anybody else sharing information with you in future. There are more whistleblower horror stories than success stories. After all, if we handle a whistleblower really well, who ever really finds out that there was one?

What kind of investigator are you?

Every so often, I hear investigators at conferences speculating (or riffing online) about what sort of people become whistleblowers. I wonder if a more pertinent question is, what sort of investigator are you? And in particular, how much attention do you give to your eternal, internal battle against cognitive biases, heuristics and errors – a battle critical to maintaining your objective investigative mindset?

Whistleblowers are real people, who for whatever reason, have placed themselves at some risk. I have seen these risks materialise, and it is not pretty. So, how can we ensure that our investigative practice sees whistleblowers as constructively as possible?

Reflect on your own attitudes. What assumptions do you make, and bring to work? Are they valid, or are they biases? How might they affect your work? What could the consequences be?

Treat whistleblowers as an asset. Although an investigator is not necessarily there to be an ‘advocate’ for a whistleblower, they should ensure that the whistleblower’s material is treated objectively and securely, that they are treated fairly, and that the risks to them are properly identified, considered and managed as far as possible.

Embrace hot and cold debriefs. (Or ‘immediate and delayed’ debriefs.) Adopt a cycle of evaluating your own performance and incorporate how you handle whistleblowers into it. Handling a whistleblower includes how you interact with them, treat their information, manage the investigation around them, and manage other stakeholders.

Like this:

This week I’ve been in Nairobi, Kenya, delivering workshops for local NGOs on minimising the risk of money-laundering and terrorist financing. Preparing the material led me to reflect on some of the conversations I’ve had with NGO managers about reducing the risk that physical assets, funds and stock might fall into the hands of those designated as terrorists, or subject to financial sanctions.

This presents a very challenging issue for NGOs that work in high-risk areas, and one with significant tensions at its heart. These include the tension between minimising the risk of diversion versus disrupting the delivery of aid, competing obligations on the ground, and the wider balancing act between regulation and enforcement versus guidance and capacity building.

It does not help that the international regulatory picture and sectoral response are far from coherent, and subsequently it is understandable that there are widespread misunderstandings. This is not an exhaustive article, of course, but we’ll explore (in no particular order) some of the most common areas that have popped up in my conversations around the sector.

Audit may be unlikely to pick up incidents.

Audit is a helpful process that assists managers to meet their organisational goals and minimise risks. It is not its purpose to detect financial crime (less than 20% of detected fraud cases are identified this way). That’s assuming, of course, that systematic and independent audit even happens – in remote programmes, conflict zones or humanitarian emergencies, whole projects in some organisations may see little or no independent review at all.

NGO managers need to avoid the errors of assuming that a detection-free audit is an all-clear, or that it is solely the duty of auditors to prevent and detect financial crime, rather than everybody’s responsibility. ‘Protection money’ or ‘taxes’ paid to terrorist groups can be masked as vague costs, such as ‘transport’ or ‘security.’ If identity and sanctions list checks of partners, contractors, consultants, staff and volunteers were not conducted, auditors won’t necessarily pick up positive hits either. Audit may help identify vulnerabilities, but it cannot be relied upon to spot incidents.

Instead, according to FATF, factors that might elevate an NGO’s risk include programmes in close proximity to terrorist groups, and/or those that are ‘service’-oriented; these could include construction and distributions (i.e. operations more likely to involve the movement of physical assets, funds or stock). An NGO in this position needs to ensure that it implements a meaningful risk management cycle, creating space to look for vulnerabilities and taking reasonable precautions. Risk assessment is only a bureaucratic ‘tick-box exercise’ if we let it be – it can be a powerful method to spot what could go wrong and do our best to prepare for it.

Transferring all the risk to local partners isn’t fair.

In my book, I suggest that a chain of unbridled risk transfer from back-donors to INGOs to local partners has the opposite effect of protecting funds – it increases the risk of fraud and corruption. In the end, too much risk derived from decisions taken in coffee-laced, air-conditioned meetings in Brussels, London and Kabul sits on the shoulders of one Afghan worker standing in the sun at a checkpoint in Badakhshan. This is poor risk management, poor partnership-working, and poor diversion prevention.

The flow needs to be inverted. Rather than just responsibility flowing from back-donor to local organisation, communication about the nature of the risks needs to flow the other way, and provoke increased investment in capacity-building and shared responsibility. There are difficulties with reconciling programmatic objectives and terrorism risk (‘what if we really can’t access that population without a payment?’), but we will not start to address these if agencies hide behind risk transfer to avoid the conversation.

Relying on assurances of non-prosecution is dangerous.

In 2015, the UK government issued guidance describing the risk of a prosecution for a terrorism offence as a result of involvement in humanitarian efforts or conflict resolution as ‘low.’ This was encouraging in terms of the British government’s recognition of the vital need for humanitarian work in conflict zones and the difficult circumstances in which it occurs. However, we need to be cautious about how we respond to this in terms of our investment in minimising the risk – we might have been here before.

In 2010, the Bribery Act led to a flurry of compliance activity amongst NGOs keen to avoid prosecution for failing to prevent bribery. According to some, however, unnamed British officials apparently indicated to nervous NGOs that their organisations were not the focus of this legislation and appeared to imply that they would not be paid much attention. Some perceive that, sadly, this well-intentioned move contributed to a dwindling of effort amongst some NGOs in developing meaningful compliance frameworks. (Ironically, in this regulation with strong ‘prevention’ requirements, it is the dwindling of effort and its consequences that could potentially elevate the chances of prosecution!)

Implied assurance of non-prosecution is always caveated, is not always made by those with the correct authority, and might not relate to that which is perceived. The British guidance note, for example, does not indicate whether it is referring to placing resources in the hands of terrorists (potentially s15-18 Terrorism Act offences), failing to have sufficient systems to prevent sanctions breaches (potentially a s34 Terrorist Asset Freezing Act offence of neglect), failing to report a suspected funding offence (s19 Terrorism Act), or some of those, or none – and so on. In any event, any decisions would be made on the basis of the prevailing circumstances of the case and it is worth noting that Save the Children International were investigated by the Metropolitan Police for allegedly failing to report a suspected incident of theft by a terrorist group in Somalia.

This situation also comes with an ethical choice – if we are not to be prosecuted, is it okay to commit the offence? Our donors and supporters may have something to say about that.

Assurances of the low probability of prosecution are not literal Get Out Of Jail Free cards. Instead, a pragmatic response for NGOs might be to continue to do all that is reasonable to comply with regulations, invest in proper systems to reduce the risk of both incidents and non-compliance, and maintain dialogue with authorities on the implications for humanitarian operations generated by the intricacies of their regulatory regimes. And there is no substitute, of course, for professional legal advice.

Conclusion

As with many of the corruption risks facing NGOs, the issues are complex and difficult. NGOs require the understanding – and patience – of the public, their donors and host governments. However, there is much that NGOs can do to reduce these risks.

Many of the systems and approaches that minimise the risk of diversion represent good governance and management – creating space for proper planning and monitoring of operations, ensuring that open internal communication channels exist, investing in the coherent verification of outputs, the diligent management of third parties, and so on. Getting these things right in areas where we are more able to do so reduces overall exposure, allowing us to focus our problem-solving on the areas where things are more challenging.

Improving transparency – or, in old money, having the conversation – will start the ball rolling.

As humans, we love to think that we’re rational, sensible people making rational, sensible choices. The problem is that modern research suggests that this is pretty far from the truth, and that there are common biases and errors that affect our thinking.

As NGOs, charities and non-profits, some of these can really impact upon our efforts to reduce fraud and corruption to an absolute minimum. Here’s a little selection of some of those that I think I’ve observed.

1. Availability bias

In 2010, there were a number of shark attacks off the Egyptian resort of Sharm el-Sheikh. In the following weeks, it seemed to me that the news was full of shark encounter stories. What was going on? Had sharks suddenly become more aggressive? No – this was availability bias in action, a mental shortcut in which we rely on the most immediately available information to make decisions, without considering how that information became available. All that was happening, was that the media were reporting more on the subject, and that I was more attuned to the matter. (David Mcraney uses a similar example in his great book, You Are Not So Smart.)

Fraud and corruption love availability bias. These two creatures naturally hide, so availability bias means that senior managers are usually responding to more readily-apparent risks, often de-prioritising fraud and corruption. And when these phenomena are off the radar, they can blossom until they’re too big to ignore – and then it’s too late; public scandals are imminent.

Instead, we need to recognise that the unique nature of humanitarian and development agencies gives these risks high likelihoods and impact. So, they should be made a standing organisational priority, with their own reporting framework that provides management information on both the perceived risk areas and the performance of countermeasures.

2. Loss aversion

Research suggests that we feel losses more intensely than gains – so if you lost a £100,000 sports car, you’d feel that much more powerfully than you would if you won a £100,000 sports car in one of those airport car lotteries. This emphasis leads to an aversion to losses that can be stronger than the lure of benefits.

Committing to counter-fraud and corruption work means that in the long run, we have more money with which to help our beneficiaries and are more sustainable – our work is more resilient to catastrophic reputational events, and we could enjoy greater public trust. But these less tangible long-term benefits face a big challenge from very tangible short-term losses. Spending more money on anti-fraud mechanisms, or refusing to pay bribes, can mean we slow down (or perceive a lessening in) our operational delivery. That means helping fewer beneficiaries by comparison to our expectations. So implementing a counter-fraud and anti-corruption agenda can appear to come at a loss – not a gain.

Counter-fraud specialists need to clearly articulate the benefits of counter-fraud and corruption work, using every available means. This requires creativity and effort. Further, donor agencies and private supporters need to leverage the NGOs they fund, making it clear that this better way of operating represents their expectation.

3. Rationalisation

Celebrated psychologist Dan Ariely conducted an interesting experiment in which he placed dollar bills and cans of Coca-Cola around the campus of an American university. When he went back, the dollar bills were all still there – but the Coke cans had gone. (You can read about this, and other experiments, in his fantastic book Predictably Irrational.)

What might be happening here is that the less like money something seems, the less like stealing it feels. This is rationalisation, the process of making something we want to do (even something dishonest) fit with our own self-respect.

This is really important for NGOs, because although we might have good controls for cash handling, do we take sufficient protective care of our physical assets, and the stock in our warehouses? Studies like this one would seem to suggest that these items are at a high risk too.

4. The fundamental attribution error

When you’re driving, have you ever noticed that if someone else makes a mistake, then they’re an idiotic and dangerous driver – but if you make a mistake it’s because you were interrupted by a passenger, the car needs servicing, or you were responding to something another car was doing? This effect is known as the fundamental attribution error – the tendency to ascribe the actions of others to their own internal factors, but yours to external factors.

Something we sometimes do in NGOs is to assume that people who commit fraud and corruption are fundamentally bad people that we need to keep out of our organisations. When we do this, we forget that people are complicated, and can become perpetrators while inside our organisations.

In Donald Cressey’s enduring ‘Fraud Triangle’ theory of behaviour, anyone can behave dishonestly if the pressure on them is sufficient, if they have an opportunity to do it with a sufficiently low chance of detection or meaningful sanction, and if they can rationalise (justify) it in their minds. Though our thresholds for each may vary, we all have a triangle, and might progress towards or away from those thresholds according to the factors acting on us throughout our lives.

This is important for NGOs, because it means that all our physical assets, funds and stock are at risk from all our staff, all of the time.

The best way to respond to this is to commit to an ongoing, holistic programme of activity that deters, prevents, detects and responds to fraud and corruption – and which is considered as fundamental to our business as having an HR or IT function.

5. Learned helplessness

A few years ago, in a Middle Eastern country, I was delivering a workshop for managers on reducing fraud and corruption. A lady interrupted me to say, ‘but this is just the way things are here!’

When we work in complex and difficult places, we can sometimes give in to learned helplessness. This phenomenon lies to us with such thoughts as ‘this is just how business is done around here,’ or ‘we can’t do this work in any other way.’

The truth is that for every problem there is an opportunity – even if that sometimes means doing things the long way round, or investing more funds in doing them. Helpful approaches include maximizing local contextual knowledge, incorporating a realistic and informed planning phase, and seeing response activities like investigations as business improvement tools that fuel a virtuous cycle of self-improvement – what can we learn in order to become more resilient?

What other effects have you seen in action, and how best can they be countered?

Find out more about the risk that fraud and corruption pose to humanitarian and global development organisations, and how they can better deter, prevent, detect and respond to it, in my book! Click here to get your copy of Fighting Fraud and Corruption in the Humanitarian and Global Development Sector from the Routledge website or Amazon!